Having some trouble with refresh tokens, could I confirm my findings are as expected?
- Refresh tokens have the same expiration (
exp) time as access tokens according to the introspect endpoint
- A successful call to
/oauth2/revokefor an access token also deactivates the refresh token
If the above is expected, is there some configuration that allows for refresh tokens that don’t expire?
Git Hash: f359d0809badec1219d4678afe54ae628b0bdf70
Build Time: 2018-09-01T13:28:52Z
Thanks for hydra, it seems like a perfect fit for our use-case!